--- texk/makeindexk/mkind.c

+++ texk/makeindexk/mkind.c	2007-02-06 13:43:26.000000000 +0100

@@ -179,7 +179,9 @@ char   *argv[];

 		    argc--;

 		    if (argc <= 0)

 			FATAL("Expected -p <num>\n","");

-		    strcpy(pageno, *++argv);

+		    if (strlen(*++argv) >= sizeof(pageno))

+			FATAL("Page number too high\n","");

+		    strcpy(pageno, *argv);

 		    init_page = TRUE;

 		    if (STREQ(pageno, EVEN)) {

 			log_given = TRUE;

@@ -227,10 +229,10 @@ char   *argv[];

 	if (fn_no == 0 && !sty_given)

 	{

-		char tmp[STRING_MAX + 5];

+		char tmp[STRING_MAX];

 		/* base set by last call to check_idx */

-		sprintf (tmp, "%s%s", base, INDEX_STY);

+		snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);

 		if (0 == access(tmp, R_OK)) {

 			open_sty (tmp);

 			sty_given = TRUE;

@@ -407,7 +409,7 @@ int     open_fn;

 	    if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)

 		FATAL("Not enough core...abort.\n", "");

-	    sprintf(idx_fn, "%s%s", base, INDEX_IDX);

+	    snprintf(idx_fn, STRING_MAX, "%s%s", base, INDEX_IDX);

 	    if ((open_fn && 

 	 ((idx_fp = OPEN_IN(idx_fn)) == NULL)

 	) ||

@@ -434,7 +436,7 @@ int     log_given;

     /* index output file */

     if (!ind_given) {

-	sprintf(ind, "%s%s", base, INDEX_IND);

+	snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);

 	ind_fn = ind;

     }

     if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)

@@ -442,14 +444,14 @@ int     log_given;

     /* index transcript file */

     if (!ilg_given) {

-	sprintf(ilg, "%s%s", base, INDEX_ILG);

+	snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);

 	ilg_fn = ilg;

     }

     if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)

 	FATAL("Can't create transcript file %s.\n", ilg_fn);

     if (log_given) {

-	sprintf(log_fn, "%s%s", base, INDEX_LOG);

+	snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);

 	if ((log_fp = OPEN_IN(log_fn)) == NULL) {

 	    FATAL("Source log file %s not found.\n", log_fn);

 	} else {

@@ -505,6 +507,9 @@ char   *fn;

   if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {

      FATAL("Index style file %s not found.\n", fn);

   } else {

+    if (strlen(found) >= sizeof(sty_fn)) {

+      FATAL("Style file %s too long.\n", found);

+    }

     strcpy(sty_fn,found);

     if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {

       FATAL("Could not open style file %s.\n", sty_fn);

@@ -512,6 +517,9 @@ char   *fn;

   }

 #else

     if ((path = getenv(STYLE_PATH)) == NULL) {

+        if (strlen(fn) >= sizeof(sty_fn)) {

+          FATAL("Style file %s too long.\n", fn);

+        }

 	/* style input path not defined */

 	strcpy(sty_fn, fn);

 	sty_fp = OPEN_IN(sty_fn);

--- texk/makeindexk/mkind.h

+++ texk/makeindexk/mkind.h	2007-02-06 13:42:38.000000000 +0100

@@ -322,7 +322,7 @@ ensuing.

 #ifdef LINE_MAX		/* IBM RS/6000 AIX has this in <sys/limits.h> */

 #undef LINE_MAX

 #endif

-#define LINE_MAX      72	/* maximum output line length (longer */

+#define LINE_MAX      _POSIX2_LINE_MAX	/* maximum output line length (longer */

 				/* ones wrap if possible) */

 #define NUMBER_MAX    16	/* maximum digits in a Roman or Arabic */

@@ -337,7 +337,7 @@ ensuing.

 #define ROMAN_MAX     16	/* maximum length of Roman page number */

 				/* field */

-#define STRING_MAX    256	/* maximum length of host filename */

+#define STRING_MAX    _POSIX2_LINE_MAX	/* maximum length of host filename */

 /*====================================================================*/